luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4811 commits 1 branch 0 tags 214 MiB
Commit graph

4811 commits

This branch
This branch
All branches
Author SHA1 Message Date
vishalnayak e0c41f02c8 Fix incorrect naming of bound_iam_instance_profile_arn 2016-09-23 11:22:23 -04:00
Evan Phoenix 4214a0199d Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
vishalnayak f560e20b28 Address review feedback 2016-09-22 18:07:35 -04:00
Jeff Mitchell 57f3904d74 Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT 2016-09-22 17:22:02 -04:00
vishalnayak c26754000b Fix ssh tests 2016-09-22 11:37:55 -04:00
vishalnayak 07b1b244d6 Use net.IPv4zero to check for zero address 2016-09-21 20:29:33 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
vishalnayak 578b82acf5 Pass only valid inputs to validation methods 2016-09-21 15:44:54 -04:00
Jeff Mitchell d65da5613c Add missing dep 2016-09-21 14:02:35 -04:00
Jeff Mitchell 226ef5d78c Make HA in etcd off by default. (#1909) 
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
 2016-09-21 14:01:36 -04:00
vishalnayak 93604e1e2e Added cidrutil helper 2016-09-21 13:58:32 -04:00
Jeff Mitchell 5c9bd9adcb changelog++ 2016-09-21 13:50:07 -04:00
Jeff Mitchell 676e7e0f07 Ensure upgrades have a valid HMAC key 2016-09-21 11:10:57 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 982f151722 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Jeff Mitchell bbe87db913 Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways 2016-09-20 14:56:16 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Carlo Cabanilla f6239cf0c0 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Jeff Mitchell 27782238a1 changelog++ 2016-09-19 13:03:03 -04:00
Jeff Mitchell 69c4452344 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2016-09-19 13:02:30 -04:00
Jeff Mitchell f3ab4971a6 Follow Vault convention on DELETE being idempotent (#1903) 
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
 2016-09-19 13:02:25 -04:00
Jeff Mitchell 7f3041d6a5 Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell 6e40d606d4 Bump to newer middleman-hashicorp 2016-09-19 12:42:35 -04:00
Jeff Mitchell 85c51fd861 Update website docs to indicate sudo being required for auth/audit 
endpoints.
 2016-09-19 12:10:08 -04:00
Vishal Nayak 97dc0e9f64 Merge pull request #1897 from hashicorp/secret-id-accessor-locks 
Safely manipulate secret id accessors
 2016-09-19 11:37:38 -04:00
Jeff Mitchell 86c83c3a98 changelog++ 2016-09-19 09:41:01 -04:00
vishalnayak fefd3a6c0b s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell f7b3937c77 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Jeff Mitchell 897d3c6d2c Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak 271ab5a4bd changelog++ 2016-09-16 10:59:59 -04:00
Vishal Nayak 47a9c45189 Merge pull request #1899 from hashicorp/format-yml 
Add yml alias for yaml
 2016-09-16 10:56:01 -04:00
vishalnayak e123f33a91 Add yml alias for yaml 2016-09-16 10:43:23 -04:00
vishalnayak ba72e7887a Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
vishalnayak 5597156886 check for nil role 2016-09-15 12:10:40 -04:00
Vishal Nayak 4f33e8d713 Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak 6a0f788dee changelog++ 2016-09-15 12:03:48 -04:00
Vishal Nayak 464f479ff0 Merge pull request #1889 from hashicorp/configurable-nonce 
aws-ec2: generate the client nonce by default during first login attempt
 2016-09-15 11:49:38 -04:00
vishalnayak 92986bb2a0 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak a1de742dce s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 857f921d76 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak 39796e8801 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak 2639ca4d4f Address review feedback 2016-09-14 16:06:38 -04:00
James Pearson Hughes f598c78d98 DynamoDB: fix log typo (#1891) 2016-09-14 15:16:24 -04:00
vishalnayak dcddaa8094 Address review feedback 2016-09-14 15:13:54 -04:00
Jeff Mitchell bd4584c346 Make bootstrap use -u to ensure up-to-date versions of tools, as that's 
what we build with.

Fixes #1890
 2016-09-14 15:10:02 -04:00
vishalnayak d5cc763b8d Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak 03fc7b517f Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak d0e4d77fce address review feedback 2016-09-14 14:28:02 -04:00